Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c4708bfb by Salvatore Bonaccorso at 2021-09-14T22:15:49+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6547,13 +6547,13 @@ CVE-2021-38179
CVE-2021-38178
RESERVED
CVE-2021-38177 (SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to
null poin ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-38176 (Due to improper input sanitization, an authenticated user with
certain ...)
TODO: check
CVE-2021-38175 (SAP Analysis for Microsoft Office - version 2.8, allows an
attacker wi ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-38174 (When a user opens manipulated files received from untrusted
sources in ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-3689 (yii2 is vulnerable to Use of Predictable Algorithm in Random
Number Ge ...)
- yii <itp> (bug #597899)
CVE-2020-36472 (An issue was discovered in the max7301 crate before 0.2.0 for
Rust. Th ...)
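Review bot: CVE-2021-38176 is still at TODO: check in the middle of a run of entries that this hunk marks NOT-FOR-US: SAP, and it is not clear from the diff whether that is deliberate. Its truncated description ("Due to improper input sanitization, an authenticated user with certain ...") names no product, and neither does that of CVE-2021-38174 ("When a user opens manipulated files received from untrusted sources in ..."), which is tagged SAP here. Please confirm against the full descriptions that 38174 is an SAP product and that 38176 was left open on purpose rather than skipped.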
@@ -6664,11 +6664,11 @@ CVE-2021-38168 (Roxy-WI through 5.2.2.0 allows
authenticated SQL injection via s
CVE-2021-38167 (Roxy-WI through 5.2.2.0 allows SQL Injection via check_login.
An unaut ...)
NOT-FOR-US: Roxy-WI
CVE-2021-38164 (SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions -
SAP_APPL - ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-38163 (SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31,
7.40, 7. ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-38162 (SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81,
KRNL64NUC - 7.22 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-38161
RESERVED
CVE-2021-38166 (In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8,
there is a ...)
@@ -6709,7 +6709,7 @@ CVE-2021-38152
(index.php/appointment/insert_patient_add_appointment in Chikitsa
CVE-2021-38151 (index.php/appointment/todos in Chikitsa Patient Management
System 2.0. ...)
NOT-FOR-US: Chikitsa Patient Management System
CVE-2021-38150 (When an attacker manages to get access to the local memory, or
the mem ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System
2.0.0 a ...)
NOT-FOR-US: Chikitsa Patient Management System
CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for
non-htt ...)
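Review bot: The NOT-FOR-US: SAP tag on CVE-2021-38150 cannot be verified from the visible description ("When an attacker manages to get access to the local memory, or the mem ..."), which names no vendor and sits between Chikitsa Patient Management System entries. Since the change takes the entry off the TODO list, confirm the vendor against the full CVE text before relying on the tag.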
@@ -8088,15 +8088,15 @@ CVE-2021-37537
CVE-2021-37536
RESERVED
CVE-2021-37535 (SAP NetWeaver Application Server Java (JMS Connector Service)
- versio ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-37534 (app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored
XSS when ...)
NOT-FOR-US: MISP
CVE-2021-37533
RESERVED
CVE-2021-37532 (SAP Business One version - 10, due to improper input
validation, allow ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-37531 (SAP NetWeaver Knowledge Management XML Forms versions - 7.10,
7.11, 7. ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-37530
RESERVED
CVE-2021-37529
@@ -16954,13 +16954,13 @@ CVE-2021-33690
CVE-2021-33689 (When user with insufficient privileges tries to access any
application ...)
NOT-FOR-US: SAP
CVE-2021-33688 (SAP Business One allows an attacker with business privileges
to execut ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-33687 (SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10,
7.20, 7.30 ...)
NOT-FOR-US: SAP
CVE-2021-33686 (Under certain conditions, SAP Business One version - 10.0,
allows an u ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-33685 (SAP Business One version - 10.0 allows low-level authorized
attacker t ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-33684 (SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC
7.21, 7. ...)
NOT-FOR-US: SAP
CVE-2021-33683 (SAP Web Dispatcher and Internet Communication Manager (ICM),
versions ...)
@@ -16972,7 +16972,7 @@ CVE-2021-33681 (SAP 3D Visual Enterprise Viewer,
version - 9, allows a user to o
CVE-2021-33680 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
NOT-FOR-US: SAP
CVE-2021-33679 (The SAP BusinessObjects BI Platform version - 420 allows an
attacker, ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-33678 (A function module of SAP NetWeaver AS ABAP (Reconciliation
Framework), ...)
NOT-FOR-US: SAP
CVE-2021-33677 (SAP NetWeaver ABAP Server and ABAP Platform, versions - 700,
702, 730, ...)
@@ -16980,13 +16980,13 @@ CVE-2021-33677 (SAP NetWeaver ABAP Server and ABAP
Platform, versions - 700, 702
CVE-2021-33676 (A missing authority check in SAP CRM, versions - 700, 701,
702, 712, 7 ...)
NOT-FOR-US: SAP
CVE-2021-33675 (Under certain conditions, SAP Contact Center - version 700,
does not s ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-33674 (Under certain conditions, SAP Contact Center - version 700,
does not s ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-33673 (Under certain conditions, SAP Contact Center - version
700,does not su ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-33672 (Due to missing encoding in SAP Contact Center's Communication
Desktop ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-33671 (SAP NetWeaver Guided Procedures (Administration Workset),
versions - 7 ...)
NOT-FOR-US: SAP
CVE-2021-33670 (SAP NetWeaver AS for Java (Http Service Monitoring Filter),
versions - ...)
@@ -26843,7 +26843,7 @@ CVE-2021-29843
CVE-2021-29842
RESERVED
CVE-2021-29841 (IBM Financial Transaction Manager 3.2.4 is vulnerable to
cross-site sc ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-29840
RESERVED
CVE-2021-29839
@@ -43077,51 +43077,51 @@ CVE-2021-23055
CVE-2021-23054
RESERVED
CVE-2021-23053 (On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and
13.1.x be ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23052 (On version 14.1.x before 14.1.4.4 and all versions of 13.1.x,
an open ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23051 (On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data
Plane Develo ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23050 (On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before
16.0.1.2 a ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23049 (On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before
15.1.3, whe ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23048 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before
15.1.3.1, 14.1 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23047 (On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x
before 1 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23046 (On all versions of Guided Configuration before 8.0.0, when a
configura ...)
TODO: check
CVE-2021-23045 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before
15.1.3.1, 14.1 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23044 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1,
14.1.x b ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23043 (On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x,
13.1.x, ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23042 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before
15.1.3, 14.1.x ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23041 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before
15.1.3, 14.1.x ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23040 (On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before
15.1.3, 14 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23039 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3,
14.1.x before ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23038 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1,
14.1.x befo ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23037 (On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x,
12.1.x, and ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23036 (On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and
DataSafe prof ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23035 (On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is
configured o ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23034 (On BIG-IP version 16.x before 16.1.0 and 15.1.x before
15.1.3.1, when ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23033 (On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before
16.1.0x, 15. ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23032 (On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x
before 1 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23031 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3,
14.1.x before ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2021-23030
RESERVED
CVE-2021-23029
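Review bot: CVE-2021-23046 ("On all versions of Guided Configuration before 8.0.0 ...") stays at TODO: check while every other described entry from CVE-2021-23031 to CVE-2021-23053 is tagged, so confirm that it was left open on purpose. Several tagged entries (for example CVE-2021-23053, CVE-2021-23052 and CVE-2021-23047) begin "On version ..." and do not name BIG-IP in the truncated text, so the product tag should be checked against the full descriptions. Style point: the rest of this commit tags by vendor (SAP, IBM) while this hunk tags by vendor plus product (F5 BIG-IP); one convention would make the list easier to search.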
@@ -47528,7 +47528,7 @@ CVE-2021-21491 (SAP Netweaver Application Server Java
(Applications based on Web
CVE-2021-21490 (SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702,
710, 711, ...)
NOT-FOR-US: SAP
CVE-2021-21489 (SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20,
7.30, 7.3 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2021-21488 (Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40,
7.50 allow ...)
NOT-FOR-US: Knowledge Management
CVE-2021-21487 (SAP Payment Engine version 500, does not perform necessary
authorizati ...)
@@ -50512,7 +50512,7 @@ CVE-2021-20584
CVE-2021-20583 (IBM Security Verify (IBM Security Verify Privilege Vault
10.9.66) coul ...)
NOT-FOR-US: IBM
CVE-2021-20582 (IBM Security Secret Server up to 11.0 stores sensitive
information in ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-20581
RESERVED
CVE-2021-20580 (IBM Planning Analytics 2.0 could be vulnerable to cross-site
request f ...)
@@ -50538,7 +50538,7 @@ CVE-2021-20571
CVE-2021-20570
RESERVED
CVE-2021-20569 (IBM Security Secret Server up to 11.0 could allow an attacker
to enume ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-20568
RESERVED
CVE-2021-20567 (IBM Resilient SOAR V38.0 could allow a local privileged
attacker to ob ...)
@@ -50660,7 +50660,7 @@ CVE-2021-20510 (IBM Security Verify Access Docker
10.0.0 stores user credentials
CVE-2021-20509 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially
vulnerable ...)
NOT-FOR-US: IBM
CVE-2021-20508 (IBM Security Secret Server up to 11.0 could allow a remote
attacker to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-20507 (IBM Jazz Foundation and IBM Engineering products are
vulnerable to cro ...)
NOT-FOR-US: IBM
CVE-2021-20506 (IBM Jazz Foundation Products are vulnerable to cross-site
scripting. T ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4708bfbaab0ce382e1e594364f8a780109bec79
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits